wlandymore

Accelerating all outbound traffic from LAN

I'm looking for products that will accelerate LAN traffic to the internet. However, it's not really WAN optimization (in the typical scenario), since it's not going to a specific endpoint, I just want to speed up all traffic going outbound from our LAN. Basically using a hardware device of some kind to leverage the bandwidth we already have instead of buying more.

I've seen a lot of companies out there for WAN acceleration like Riverbed and Juniper, but their solutions are really expensive and I'm wondering if there are any other ideas out there that are a little more reasonable that are just for all outbound traffic from a LAN.

Any ideas?
Jan Bacher

Not cheap either but will work to balance the load on outbound WAN circuits -> FatPipe
You are looking for a magic bullet and there are none. WAN acceleration devices work in pairs and work by a few different methods, all of which are really "data reduction" methods. Data compression, data differential transmission, or various methods of data compression.

Now, if you are talking about specific types of traffic, such as HTML, there are devices that will do dynamic HTML compression.  But they only work for HTML.  

FatPipe really does not do WAN acceleration, it will do outbound load balancing, assuming you have multiple Internet links via multiple ISPs and you are not already doing BGP.
jotase74

Where is the "choke point" in your network, just between yourself and your ISP?  Also, would it be possible for you to block certain miscellaneous sites that are more bandwidth intensive so as to give more to the sites that actually need it?
If he is not going to use BGP along with the knobs to tweak outbound traffic and doesn't want an expensive device to determine best path but wants to leverage the bandwidth he already has, load balancing is a good option.

The only other real option that I see (and this presumes an intelligent device) is QoS, marking the LAN traffic and prioritizing that traffic over other traffic.
wlandymore

ASKER

I don't need two devices in this case because it's just to speed up traffic going to the outside world. And yes, you can get WAN acceleration without using a pair of hardware devices. Riverbed actually claims that they can do this with just one device. But since Riverbed is about 20,000/per device that's not really in the price range.
I'm looking at webfilters, etc. to see if I can limit the sites and things that are soaking it up, but I would also like to know if there is something out there LIKE WAN acceleration that can speed up ALL outbound traffic to the internet.
Which Riverbed device are you looking at?  

Yes, there are some devices that can accelerate SOME WAN traffic without installing pairs.  They are generally limited to HTTP protocols though.

Devices that "accelerate" the traffic don't speed up how fast the data goes over the WAN. They reduce the amount of data that flows over the WAN. They do this by various methods, such as data compression. However, to use a single device means that you have to be using protocols where the client/server allow for compressed data normally.

Examples:  

Web browsers allow for content to be statically or dynamically compressed using gzip or deflate. So you can install a product that does gzip/deflate compression for HTTP traffic. Riverbed has their Web Application Accelerator that would fall into this category.

CIFS/Samba does not allow for data to be dynamically or statically compressed. So if you are doing file sharing over a WAN you can't install a single box that could reduce the amount of data being sent over the WAN. You have to install a pair of boxes. One on each side. One that compresses the data and one that de-compresses the data. Riverbed has their Wide Area File Services device that falls into this category.

There is NO device on the market that, installed by itself, will "accelerate" ALL traffic. Some applications (POP, SMTP for example) do not allow for compression of data, so there is nothing that can be done by one box that would be able to accelerate this type of traffic.
It's more like bandwidth management I guess. I'm looking for a device that can prioritize traffic to certain locations and based on what kind of application/protocol is being used.

For example, if I want to shut down iTunes for everyone but two users, I can allow iTunes traffic through for those two but it limits everyone else to nothing or a set limit. Then if I want to have a 'pipe' so that traffic out to a certain site is prioritized and goes through quickly, it can.

Hope that's more clear.  
I still think the FatPipe can do some or most of what you are trying to accomplish.  Or access-lists on the router (if you can do that).
Some firewalls can limit bandwidth based on protocol.  As _jesper_ stated you can use access-lists on a router, now not all routers will support that.

If your firewall/router does not support this, then you need to get something that is "inline" between the users and the outside world. You could do this for free with GNU/Linux Kernel 2.6, two NICs, and use tc commands for bandwidth shaping.
firewall/router not an option
I'll look at the FatPipe. It would have to be something along that tangent....
I took a look at the FatPipe but it seemed to be more about link redundancy than anything else. I need something where you can allocate bandwidth to certain applications, etc. but only for outgoing traffic - not to a specific endpoint on a WAN.

Is there no hardware appliance out there for that?
Other than QoS on a switch, I'm not familiar with any specific product.
One other thought, I have done rate-limiting with access-lists on Cisco routers by defining the max amount of bandwidth that a particular application can use. Not as good as QoS but you would be guaranteeing a specified amount for, for example, HTTP traffic.
On the surface that would be good, but it would have to be something at the application level because if you end up saying you want 50% of your bandwidth to go to port 80 you would have things like Morpheus, BitTorrent, iTunes, MSN, that all seem to be able to go over port 80 in the event of something trying to stop them, soaking up bandwidth.
If it was an application level solution you could tell it to just drop all of those things and only allow HTTP through.
That's what I'm looking for.
--> something at the application level

There is a BIG problem. From the network's point of view a service is an application, so port 80 is the application. It (the network) does not know, nor does it care about the "program" using that "application/service." From the network's point of view, Morpheus, BitTorrent, iTunes, etc. are considered content when using port 80, not an application.

I know that Squid can do bandwidth throttling by scanning for the attachment HTTP header and then limiting bandwidth based on the file name in this header.  However I am not sure how those other programs work, so I don't know if it (or any other product) can do what you are asking.

The only thing you could do is limit traffic based on the "outside" IP address and port 80.

You would have to get something that examines the actual data content for all packets dealing with port 80 and then try and figure out what that packet is.  Now there could be some software/devices that have this smarts built into them already.
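An added illustration of the port-versus-content point in the reply above (not code from any poster or product in this thread): the same flows, all sent to port 80, are accounted once by destination port and once by a signature match on the first client payload. The flow records, byte counts and function names are constructed for the example.

```python
import re
from collections import Counter

# Request line of a plain HTTP/1.x request: METHOD SP target SP HTTP/1.x CRLF
HTTP_REQUEST = re.compile(
    rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS|CONNECT|PATCH) \S+ HTTP/1\.[01]\r\n")
# BitTorrent peer handshake: length byte 19 followed by the protocol string
BT_HANDSHAKE = b"\x13BitTorrent protocol"


def classify_by_port(flow):
    """What a port-based ACL or rate limit sees: the service, not the program."""
    return {80: "http", 443: "https", 25: "smtp"}.get(flow["dst_port"], "other")


def classify_by_payload(flow):
    """Signature match on the first client payload of a flow."""
    data = flow["payload"]
    if data.startswith(BT_HANDSHAKE):
        return "bittorrent"
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        return "tls"  # TLS handshake record; the inner protocol is not visible
    if HTTP_REQUEST.match(data):
        return "http"  # includes any program that speaks genuine HTTP
    return "unknown"


def usage_by(flows, classify):
    """Total bytes per traffic class under the given classifier."""
    totals = Counter()
    for flow in flows:
        totals[classify(flow)] += flow["bytes"]
    return dict(totals)


# Constructed sample flows (not captured traffic), all to destination port 80
FLOWS = [
    {"dst_port": 80, "bytes": 40_000,
     "payload": b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"},
    {"dst_port": 80, "bytes": 900_000,
     "payload": BT_HANDSHAKE + bytes(8) + b"A" * 20 + b"B" * 20},
    {"dst_port": 80, "bytes": 250_000,
     "payload": b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"},
    {"dst_port": 80, "bytes": 10_000, "payload": b"\x00\x01binary-blob"},
]

if __name__ == "__main__":
    print("by port:   ", usage_by(FLOWS, classify_by_port))
    print("by payload:", usage_by(FLOWS, classify_by_payload))
```

A rate limit keyed on port 80 treats all 1,200,000 bytes as one class, while the payload view shows that only 40,000 of them are plain HTTP requests; traffic wrapped in real HTTP or TLS still lands in those classes.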
Actually,

I use NBAR in conjunction with access-lists for rate-limiting to avoid the problem that you mention above.
Yeah, I'm talking about the signature of the application that is running through the port. Exinda would do something like that but I don't like the fact that Exinda only does port 80 and that's it. I like the way things like Riverbed will do all TCP traffic, but those devices have too much to offer for a project like this.

I want something as simple as the Exinda box with just a little more functionality.
Squid looks pretty close. Is that hardware or software?
software
just doesn't have the possibility of limiting certain applications based on IP, etc. Just proxy server to improve web, etc.
ASKER CERTIFIED SOLUTION
giltjr